skills/jeremylongshore/claude-code-plugins-plus-skills/generating-infrastructure-as-code/Gen Agent Trust Hub
generating-infrastructure-as-code
Warn
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The
scripts/iac_generate.pyscript generates shell scripts and marks them as executable usingchmod(0o755). This dynamic script generation is a risk if the input source is untrusted, as it could lead to arbitrary command execution. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided descriptions to generate code. Ingestion points: Natural language requests in
SKILL.md. Boundary markers: Absent. Capability inventory: Bash access toaws,gcloud,az, andterraformcommands. Sanitization: Absent in the provided scripts. - [COMMAND_EXECUTION]: The skill requests broad execution permissions for cloud CLIs and Terraform via
Bashtool configurations inSKILL.md. This level of access increases the potential impact of malicious input or code generation.
Audit Metadata